    Earlier this week, a jailbreak for Apple’s iPhone 4 was released to the public by a developer known as “Comex.” By visiting a special website, users are able to jailbreak their devices far more easily than they could in the past. In addition to the iPhone 4, older Apple products running iOS can also be jailbroken this way. (Jailbreaking occurs when users modify the OS of their iPad, iPhone, and iPod Touch devices to run applications without passing through Apple’s app store.)

    Well-known Apple security researchers like Charlie Miller have favorably commented on the quality of the jailbreak. The jailbreak exploits two separate vulnerabilities—the first vulnerability lies in how the Safari browser handles .PDF files. .PDF files can contain a specially crafted embedded font that can cause arbitrary code execution. It appears to be related or identical to a similar Mac OS X flaw that was patched in March. A second vulnerability is used to gain elevated privileges on the device but details on this are not publicly available.

    The same techniques jailbreak developers use could just as easily be used by malicious users to push malware onto iOS devices. So far, no attacks have been reported, but this may not be the case in the future. There has been no official word from Apple about a patch for this flaw.

    Users can use Trend Micro’s Smart Surfing for iPhone application, which provides protection against malicious websites, including those targeting iOS devices. For example, the site containing the jailbreaking code is currently blocked as shown below.

    Thanks to Product Manager Warren Tsai for providing the details on the exploits used.

    Update as of August 5, 2010, 3:04 a.m. UTC

    Trend Micro now detects the PDF files used for this as TROJ_PIDIEF.HLA.

    Although there is no malicious payload currently linked to the said file, it could very easily be used for malicious attacks. As Advanced Threats Researcher Joey Costoya states, “At this point, anybody could just create a PDF file with malicious payload using the same exploit. They already have the exploit PDF available publicly (via the jailbreak site). All they need now is to modify the exploit payload.”

    Update as of August 12, 2010, 3:11 a.m. UTC

    Apple released security updates to address the vulnerabilities used for the jailbreak. The advisory describes the vulnerabilities as a stack buffer overflow vulnerability which exists in FreeType’s handling of CFF opcodes and an integer overflow vulnerability in the handling of IOSurface properties. iPhone, iPod and iPad users are strongly advised to apply the updates as soon as possible.
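
An added example, not from the original post and not FreeType's code: a minimal interpreter for a subset of CFF (Type 2) charstring opcodes that keeps operands in a fixed-size on-stack array and checks every push and pop, the kind of check whose absence leads to a stack buffer overflow. The operator subset, the `cs_run` name and the sample byte strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CS_MAX_ARGS 48   /* argument-stack limit in the Type 2 charstring format */
enum cs_status { CS_OK, CS_OVERFLOW, CS_BAD_ARGS, CS_BAD_OP, CS_TRUNCATED };

/* Interpret a subset of charstring bytes: one-byte integers (32..246) and the
 * operators rlineto (5), endchar (14), rmoveto (21). The pen position ends up
 * in *x, *y. Every operand-stack access is bounds-checked. */
enum cs_status cs_run(const uint8_t *cs, size_t len, int *x, int *y)
{
    int args[CS_MAX_ARGS];                      /* fixed-size buffer on the C stack */
    size_t top = 0;

    *x = *y = 0;
    for (size_t i = 0; i < len; i++) {
        uint8_t b = cs[i];
        if (b >= 32 && b <= 246) {              /* operand, value = b - 139 */
            if (top >= CS_MAX_ARGS)             /* without this, push 49 writes past args[] */
                return CS_OVERFLOW;
            args[top++] = (int)b - 139;
        } else if (b == 21 || b == 5) {         /* rmoveto dx dy / rlineto {dx dy}+ */
            if (top < 2 || top % 2 != 0 || (b == 21 && top != 2))
                return CS_BAD_ARGS;             /* too few, odd, or extra operands */
            for (size_t k = 0; k < top; k += 2) {
                *x += args[k];
                *y += args[k + 1];
            }
            top = 0;
        } else if (b == 14) {                   /* endchar */
            return CS_OK;
        } else {
            return CS_BAD_OP;                   /* operator outside the subset: reject */
        }
    }
    return CS_TRUNCATED;                        /* input ended without endchar */
}

int main(void)
{
    /* Constructed samples: a well-formed glyph and one pushing 49 operands. */
    uint8_t ok[] = { 149, 159, 21, 144, 134, 5, 14 }, deep[50];
    int x, y;
    for (size_t i = 0; i < 49; i++) deep[i] = 140;
    deep[49] = 14;
    printf("ok=%d deep=%d\n", cs_run(ok, sizeof ok, &x, &y), cs_run(deep, sizeof deep, &x, &y));
    return 0;
}
```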
